Custom authorization attribute not working in WebA

2020-02-26 14:51发布

站内问答 / C#
2071 4 4 

 public class CustomAuthorizeAttribute : AuthorizationFilterAttribute
 {  
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
       return true;// if my current user is authorised
    }
 }

Above is my CustomAuthorizeAttribute Class and

[CustomAuthorize] // both [CustomAuthorize] and [CustomAuthorizeAttribute ] I tried 
public class ProfileController : ApiController
{
   //My Code..
}

When I'm calling 

http://localhost:1142/api/Profile

It is not firing CustomAuthorizeAttribute

More over My FilterConfig class is look like below

public class FilterConfig
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {            
        filters.Add(new CustomAuthorizeAttribute());
    }
}

Please help if I miss something.

4条回答
【Aperson】
2楼-- · 2020-02-26 15:13

YOur custom attribute should inherit from System.Web.Http.Filters.AuthorizationFilterAttribute

and it should look like this 

using System.Web.Http.Controllers;
using System.Web.Http.Filters;
public class CustomAuthorizeAttribute : System.Web.Http.Filters.AuthorizationFilterAttribute
{   
    public override bool AllowMultiple
    {
        get { return false; }
    }

    public override void OnAuthorization(HttpActionContext actionContext)
    {
        //Perform your logic here
        base.OnAuthorization(actionContext);
    }
}
查看更多
0人赞 添加讨论(0) 举报
倾城 Initia
3楼-- · 2020-02-26 15:14

Try with this.

public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        return true;
    }
}
查看更多
0人赞 添加讨论(0) 举报
混吃等死
4楼-- · 2020-02-26 15:21

To add onto the other answers that have you inherit from System.Web.Http.Filters.AuthorizationFilterAttribute, I put this into my OnAuthorization method to make sure the user was logged in:

if (!actionContext.RequestContext.Principal.Identity.IsAuthenticated)
{
     // or whatever sort you want to do to end the execution of the request
     throw new HttpException(403, "Forbidden");
}
查看更多
0人赞 添加讨论(0) 举报
我想做一个坏孩纸
5楼-- · 2020-02-26 15:25
  1. Looks like you are using an MVC filter instead of a Web API filter. It can be detected in the sample because it uses HttpContextBase. Instead use the filter from the System.Web.Http.Filters namespace.
  2. You need to override OnAuthorization or OnAuthorizationAsync on the Web API filter.
  3. You don't need to register a global filter and decorate your controller with it. Registering it will make it run for all controllers.

Web API filter code: https://aspnetwebstack.codeplex.com/SourceControl/latest#src/System.Web.Http/Filters/AuthorizationFilterAttribute.cs

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)